Le vendredi 17 mars 2006 à 10:28 +0100, tomaz Bratusa a écrit :
In my opinion there's no problem because the guy who tested bluetooth
security didn't have evil intent. He was just checking devices and
informing people about security holes in their devices.
As far as I understand the story, he wasn't just testing their security,
he was actually breaking into their phones to download their personal
data and then show them they were vulnerable, without their prior
consent. In that case, he can fully argue good faith, but what he does
is illegal. It's the main difference between doing things you belive
legitimate (I'm trying to help) and legal stuff (I'm not breaking the
law). You can help people, but actually breaking the law, and thus doing
illegal things.
The thing is law (at least in France) on computer crime does not take
intent in account. It defines what's an intrusion as using the system
without owner consent. There's no "legitimate purpose" for breaking into
IT systems (without owner consent). So you may have the best intentions
in the world, if you're breaking into a system without prior consent,
you break the law, period.
Futhermore, the OP question was on bluetooth hacking as a more general
matter:
"He got up and presented the information saying there was no law
preventing him from snarfing information."
I understand this as "if I was a malicious user, you couldn't sue me
because there is no law that actually prevents me to download your
personal data from your phone". And that is just plainly untrue. Now
maybe my english not being good prevent me from understanding some
subtility in this.
And as WiFi and wireless protocols in general privacy over the air was
mentioned before, downloading stuff from a phone using a wireless link
is truely different from just listening or probing around. Thus, I don't
think you can compare it to wardriving for instance.
Are you a burglar if you go past your fiends house and see that the
front door is open na take o look?
To me, analogies with real world mostly suck...
--
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
Hi! I'm your friendly neighbourhood signature virus.
Copy me to your signature file and help me spread!
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
As attacks through web applications continue to rise, you need to proactively
protect your applications from hackers. Cenzic has the most comprehensive
solutions to meet your application security penetration testing and
vulnerability management needs. You have an option to go with a managed
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm).
Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/forms/ec.php?pubid=10025
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com
------------------------------------------------------------------------------
